Web Application Firewall:DescribeCloudResourceAccessPortDetails

Last Updated:Dec 15, 2025

Queries the details of ports for cloud service instances added to Web Application Firewall (WAF).

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

| Action | Access level | Resource type | Condition key | Dependent action |
|---|---|---|---|---|
| yundun-waf:DescribeCloudResourceAccessPortDetails | get | *All Resource (*) | acs:ResourceGroupId | None |

Request parameters

| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| InstanceId | string | Yes | The ID of the WAF instance. Note: Call the DescribeInstance operation to query the ID of the WAF instance. | waf-cn-tl32ast**** |
| ResourceManagerResourceGroupId | string | No | The ID of the resource group. | rg-acfm***q |
| ResourceInstanceId | string | Yes | The ID of the resource instance. | lb-2zeugkfj81jvo****4tqm |
| Port | string | No | The port of the cloud service that is added to WAF. | 443 |
| Protocol | string | No | The protocol. Valid values: http: HTTP; https: HTTPS. | https |
| PageNumber | integer | No | The page number. Default value: 1. | 1 |
| PageSize | integer | No | The number of entries per page. Default value: 10. | 10 |
| ResourceProduct | string | No | The type of the cloud service. Valid values: clb4: Layer 4 Classic Load Balancer (CLB); clb7: Layer 7 CLB; ecs: Elastic Compute Service (ECS); nlb: Network Load Balancer (NLB). | clb7 |
| RegionId | string | No | The region where the WAF instance resides. Valid values: cn-hangzhou: the Chinese mainland; ap-southeast-1: outside the Chinese mainland. | cn-hangzhou |

Response elements

| Element | Type | Description | Example |
|---|---|---|---|
| (root) | object | | |
| RequestId | string | The request ID. | 2EFCFE18-78F8-5079-B312-07***48B |
| TotalCount | integer | The total number of entries returned. | 10 |
| AccessPortDetails | array<object> | The details of the ports for the cloud service instance that is added to WAF. | |
| AccessPortDetails[].Protocol | string | The protocol. Valid values: http: HTTP; https: HTTPS. | https |
| AccessPortDetails[].Port | integer | The port of the cloud service that is added to WAF. | 443 |
| AccessPortDetails[].Certificates | array<object> | The list of certificates for the port of the cloud service instance. Each object holds the information about the certificate for the port of the cloud service instance. | |
| AccessPortDetails[].Certificates[].CertificateName | string | The name of the certificate. | cert-name1 |
| AccessPortDetails[].Certificates[].CertificateId | string | The ID of the added certificate. | 123-cn-hangzhou |
| AccessPortDetails[].Certificates[].AppliedType | string | The type of the certificate for the HTTPS protocol. Valid values: default: the default certificate; extension: the additional certificate. | default |
| AccessPortDetails[].XffHeaderMode | integer | The mode that WAF uses to obtain the real IP address of a client. Valid values: 0: WAF is the first Layer 7 proxy before client traffic is forwarded to the origin server; 1: WAF reads the first IP address from the X-Forwarded-For (XFF) header as the client IP address; 2: WAF reads the value of a custom header as the client IP address. | 0 |
| AccessPortDetails[].XffHeaders | array<string> | The custom header fields that are used to obtain the client IP address. The value is a string in the ["header1","header2",...] format. Note: This parameter is returned only when XffHeaderMode is set to 2. | header1 |
| AccessPortDetails[].LogHeaders | array<object> | The key-value pair that is used to tag the traffic that is processed by WAF. Note: This parameter is returned only when the traffic tagging feature is enabled for the domain name. | |
| AccessPortDetails[].LogHeaders[].Key | string | The custom request header field. | key1 |
| AccessPortDetails[].LogHeaders[].Value | string | The value of the custom request header field. | value1 |
| AccessPortDetails[].Status | integer | The status of the domain name. Valid values: 1: The port is in the Normal state; 2: The port is being created; 3: The port is being modified; 4: The port is being released. | 1 |
| AccessPortDetails[].TLSVersion | string | The version of the Transport Layer Security (TLS) protocol. Valid values: tlsv1; tlsv1.1; tlsv1.2. | tlsv1 |
| AccessPortDetails[].EnableTLSv3 | boolean | Indicates whether TLS 1.3 is supported. Valid values: true: TLS 1.3 is supported; false: TLS 1.3 is not supported. | true |
| AccessPortDetails[].CipherSuite | integer | The type of the cipher suite. Valid values: 1: all cipher suites; 2: strong cipher suites; 99: custom cipher suites. | 1 |
| AccessPortDetails[].CustomCiphers | array<string> | The custom cipher suites. This parameter is returned only when CipherSuite is set to 99. | ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384 |
| AccessPortDetails[].ReadTimeout | integer | The read timeout period. Unit: seconds. Valid values: 1 to 3600. | 5 |
| AccessPortDetails[].WriteTimeout | integer | The write timeout period. Unit: seconds. Valid values: 1 to 3600. | 1 |
| AccessPortDetails[].Keepalive | boolean | Indicates whether to enable persistent connections. Valid values: true: Enables persistent connections. This is the default value; false: Disables persistent connections. | true |
| AccessPortDetails[].KeepaliveRequests | integer | The number of requests that can be reused in a persistent connection. Valid values: 60 to 1000. Note: This parameter specifies the number of requests that can be reused after a persistent connection is established. | 1000 |
| AccessPortDetails[].KeepaliveTimeout | integer | The timeout period for an idle persistent connection. Valid values: 10 to 3600. Default value: 15. Unit: seconds. Note: This parameter specifies the period of time after which an idle persistent connection is released. | 10 |
| AccessPortDetails[].Http2Enabled | boolean | Indicates whether HTTP/2 is enabled. Valid values: true: HTTP/2 is enabled; false: HTTP/2 is not enabled. | true |
| AccessPortDetails[].XffProto | boolean | Indicates whether to use the X-Forwarded-For-Proto header to identify the protocol used by WAF. Valid values: true: Identifies the protocol used by WAF. This is the default value; false: Does not identify the protocol used by WAF. | true |
| AccessPortDetails[].OwnerUserId | string | The ID of the Alibaba Cloud account to which the cloud service belongs. | 123 |
| AccessPortDetails[].SubStatus | string | The abnormal protection status. Valid values: InvalidCert: The certificate is invalid; ClientCertOpend: Mutual authentication is enabled; NetworkConfigLost: The network configuration of the cloud service is abnormal. | InvalidCert |
| AccessPortDetails[].SubStatusDetails | array<object> | The details of the abnormal protection status. This parameter is returned only when SubStatus is set to InvalidCert. | |
| AccessPortDetails[].SubStatusDetails[].CertName | string | The name of the certificate in Certificates Management Service. | test-name |
| AccessPortDetails[].SubStatusDetails[].Domain | string | The domain name that is bound to the certificate. | test.aliyun.com |
| AccessPortDetails[].SubStatusDetails[].CertId | string | The ID of the certificate in Certificates Management Service. | 123-cn-hangzhou |
| AccessPortDetails[].SubStatusDetails[].AppliedType | string | The type of the certificate for the HTTPS protocol. Valid values: default: the default certificate; extension: the additional certificate. | default |
| AccessPortDetails[].SubStatusDetails[].ProductCertName | string | The name of the certificate that is saved for the cloud service. | test-name |
| AccessPortDetails[].SubStatusDetails[].ProductCertId | string | The ID of the certificate that is saved for the cloud service. | 123 |
| AccessPortDetails[].SubStatusDetails[].CommonName | string | The common name (CN). | test.aliyun.com |
| AccessPortDetails[].SubStatusDetails[].ReasonCode | string | The reason for the abnormal protection status. Valid values: UserUploadCert: The certificate is manually uploaded; CertNotExistInCertCenter: The certificate does not exist in Certificates Management Service; CertExpired: The certificate has expired; EmptyCertCN: The CN of the certificate is empty. | CertNotExistInCertCenter |
| AccessPortDetails[].SubStatusDetails[].ExpireTime | integer | The expiration time of the certificate. The value is a UNIX timestamp. Unit: seconds. | 1746328456000 |
| AccessPortDetails[].CloudResourceId | string | The ID of the resource that is added to WAF. The ID is automatically generated by WAF. | i-bp1**************7ey-80-ecs |
| AccessPortDetails[].MaxBodySize | integer | The maximum size of a request body. Valid values: 2 to 10. Default value: 2. Unit: GB. | 2 |

Examples

Success response

JSON format

{
  "RequestId": "2EFCFE18-78F8-5079-B312-07***48B",
  "TotalCount": 10,
  "AccessPortDetails": [
    {
      "Protocol": "https",
      "Port": 443,
      "Certificates": [
        {
          "CertificateName": "cert-name1",
          "CertificateId": "123-cn-hangzhou",
          "AppliedType": "default"
        }
      ],
      "XffHeaderMode": 0,
      "XffHeaders": [
        "header1"
      ],
      "LogHeaders": [
        {
          "Key": "key1",
          "Value": "value1"
        }
      ],
      "Status": 1,
      "TLSVersion": "tlsv1",
      "EnableTLSv3": true,
      "CipherSuite": 1,
      "CustomCiphers": [
        "ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384"
      ],
      "ReadTimeout": 5,
      "WriteTimeout": 1,
      "Keepalive": true,
      "KeepaliveRequests": 1000,
      "KeepaliveTimeout": 10,
      "Http2Enabled": true,
      "XffProto": true,
      "OwnerUserId": "123",
      "SubStatus": "InvalidCert",
      "SubStatusDetails": [
        {
          "CertName": "test-name",
          "Domain": "test.aliyun.com",
          "CertId": "123-cn-hangzhou",
          "AppliedType": "default",
          "ProductCertName": "test-name",
          "ProductCertId": "123",
          "CommonName": "test.aliyun.com",
          "ReasonCode": "CertNotExistInCertCenter",
          "ExpireTime": 1746328456000
        }
      ],
      "CloudResourceId": "i-bp1**************7ey-80-ecs",
      "MaxBodySize": 2
    }
  ]
}
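
An added example, not part of the original reference and not Alibaba Cloud SDK code: a Python check that reviews a DescribeCloudResourceAccessPortDetails response body for the TLS version, cipher suite, client-IP and certificate-status fields documented above. The function names, the trimmed sample and the choice of what counts as a finding are assumptions of this example.

```python
import json

# Constructed sample: a trimmed copy of the example response on this page.
SAMPLE = json.loads("""
{"TotalCount": 1, "AccessPortDetails": [{
  "Protocol": "https", "Port": 443, "Status": 1, "XffHeaderMode": 0,
  "TLSVersion": "tlsv1", "EnableTLSv3": true, "CipherSuite": 1,
  "SubStatus": "InvalidCert",
  "SubStatusDetails": [{"Domain": "test.aliyun.com", "CertId": "123-cn-hangzhou",
                        "ReasonCode": "CertNotExistInCertCenter"}]}]}
""")

LEGACY_TLS = {"tlsv1", "tlsv1.1"}          # TLS 1.0/1.1, deprecated by RFC 8996
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")  # assumption: OpenSSL-style suite names


def audit_port(d):
    """Return review findings for one AccessPortDetails entry."""
    out = []
    if d.get("Status") != 1:
        out.append(f"port is not in the Normal state (Status={d.get('Status')})")
    if d.get("Protocol") == "https":
        if d.get("TLSVersion") in LEGACY_TLS:
            out.append(f"legacy TLS version configured: {d['TLSVersion']}")
        if not d.get("EnableTLSv3"):
            out.append("TLS 1.3 is not enabled")
        if d.get("CipherSuite") == 1:
            out.append("CipherSuite=1 (all cipher suites) instead of 2 (strong)")
        elif d.get("CipherSuite") == 99:
            # Each CustomCiphers element may hold several colon-separated names.
            names = [n for s in d.get("CustomCiphers", []) for n in s.split(":")]
            weak = [n for n in names if not any(m in n for m in AEAD_MARKERS)]
            if weak:
                out.append("non-AEAD custom ciphers: " + ", ".join(weak))
    else:
        out.append("plaintext HTTP listener")
    if d.get("XffHeaderMode") == 1:
        out.append("client IP read from X-Forwarded-For, which clients can set; "
                   "confirm a trusted proxy in front of WAF rewrites it")
    if d.get("SubStatus"):
        why = [f"{s.get('Domain')}: {s.get('ReasonCode')}"
               for s in d.get("SubStatusDetails", [])]
        out.append(f"SubStatus={d['SubStatus']}" + "".join(f" [{w}]" for w in why))
    return out


def audit(response):
    """Map 'protocol/port' to its findings for a whole response body."""
    return {f"{d.get('Protocol')}/{d.get('Port')}": audit_port(d)
            for d in response.get("AccessPortDetails", [])}
```

Calling `audit(SAMPLE)` reports the `tlsv1` setting, the all-cipher-suites setting and the `InvalidCert` status for `https/443`; to review every port of an instance, run it over each page of results (PageNumber and PageSize).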

Error codes

| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | Waf.Instance.ValidFaild | WAF instance check failed. Check whether the instance ID is correct. | WAF instance check failed. Check whether the instance ID is correct. |
| 400 | Waf.Pullin.CloudProductParamEmpty | The resource Id of the cloud product accessing WAF is null or null values exist in the three input parameters of the cloud product name, port, and cloud product instance. | The resource Id of the cloud product accessing WAF is null or null values exist in the three input parameters of the cloud product name, port, and cloud product instance. |
| 400 | Waf.Pullin.CloudResourceInvalid | CloudResourceId parameter is illegal. | CloudResourceId parameter is illegal |

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.